Differences between revisions 2 and 7 (spanning 5 versions)
Revision 2 as of 2017-12-24 16:50:20
Size: 843
Comment:
Revision 7 as of 2017-12-24 17:05:27
Size: 892
Comment:
Line 3: Line 3:
== Servers == == Keys ==
Line 5: Line 5:
Once all this works we will continue by adding TLS encryption to the setup.

=== Keys ===
On each of the Glusterfs servers run.
On each of the Glusterfs servers and clients run.
Line 15: Line 12:
=== Certificates ===
Now sign a certificate using that key.
== Certificates ==
Now sign certificates using those keys. Replace the `CN` so it matches the host you are siging the certificate for.
Line 18: Line 15:
root@gluster01:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem
root@gluster02:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster02" -out glusterfs.pem
root@gluster03:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster03" -out glusterfs.pem
root@gluster04:/etc/ssl/glusterfs# openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster04" -out glusterfs.pem
openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem
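Review bot: the single replacement command at the end of this hunk has no -days option, and openssl req -x509 then issues a certificate that is valid for only 30 days, so every certificate created this way expires a month after setup. Suggest adding an explicit -days value to the command and stating the intended validity period in the text.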
Line 24: Line 18:
== Clients == == Compile ==

Compile all the certificates into one large file
{{{
scp gluster01:/etc/ssl/glusterfs/gluster.pem gluster01.pem
scp gluster02:/etc/ssl/glusterfs/gluster.pem gluster02.pem
scp gluster03:/etc/ssl/glusterfs/gluster.pem gluster03.pem
scp gluster04:/etc/ssl/glusterfs/gluster.pem gluster04.pem
scp glusterclient01:/etc/ssl/glusterfs/gluster.pem glusterclient01.pem
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem > glusterfs.ca
}}}
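Review bot: the scp lines in the new Compile block fetch gluster.pem, but the Certificates section writes the certificate with -out glusterfs.pem, so these copies fail as written; the source path should be /etc/ssl/glusterfs/glusterfs.pem. Also, glusterclient01.pem is copied but left out of the cat line, which contradicts "Compile all the certificates into one large file"; add it to the cat, or state that the client certificate is excluded on purpose.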

GlusterFS Encryption

Keys

On each of the GlusterFS servers and clients, run:

mkdir /etc/ssl/glusterfs
cd /etc/ssl/glusterfs
openssl genrsa -out glusterfs.key 2048

Certificates

Now sign certificates using those keys. Replace the CN so it matches the host you are signing the certificate for.

openssl req -new -x509 -key glusterfs.key -subj "/CN=gluster01" -out glusterfs.pem

Compile

Compile all the certificates into one large file:

# Fetch each host's certificate (glusterfs.pem, the file written by openssl req above)
scp gluster01:/etc/ssl/glusterfs/glusterfs.pem gluster01.pem
scp gluster02:/etc/ssl/glusterfs/glusterfs.pem gluster02.pem
scp gluster03:/etc/ssl/glusterfs/glusterfs.pem gluster03.pem
scp gluster04:/etc/ssl/glusterfs/glusterfs.pem gluster04.pem
scp glusterclient01:/etc/ssl/glusterfs/glusterfs.pem glusterclient01.pem
# Concatenate every fetched certificate, including the client's, into the bundle
cat gluster01.pem gluster02.pem gluster03.pem gluster04.pem glusterclient01.pem > glusterfs.ca
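
The following is an added example, not part of the original wiki page: a POSIX shell audit of the compiled glusterfs.ca that reports which expected hosts have no certificate in the bundle and which certificates expire soon. The function names are made up for illustration, and it assumes the openssl command-line tool and awk are installed.

```shell
#!/bin/sh
# Added example (not from the original page): audit a compiled glusterfs.ca.
# Function names are hypothetical; requires openssl and awk.

# Split PEM bundle $1 into one file per certificate inside directory $2.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
}

# Print the subject CN of the certificate in file $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# Print "<CN> <status>" for every certificate in bundle $1. The status is
# "expiring" if the certificate expires within $2 days, otherwise "ok".
audit_bundle() {
    dir=$(mktemp -d) || return 1
    split_bundle "$1" "$dir"
    for f in "$dir"/cert*.pem; do
        [ -e "$f" ] || continue
        if openssl x509 -in "$f" -noout -checkend $(( $2 * 86400 )) >/dev/null
        then status=ok; else status=expiring; fi
        printf '%s %s\n' "$(cert_cn "$f")" "$status"
    done
    rm -rf "$dir"
}

# Print every expected host ($2 onwards) with no certificate in bundle $1.
missing_hosts() {
    bundle=$1; shift
    cns=$(audit_bundle "$bundle" 0 | cut -d' ' -f1)
    for host in "$@"; do
        printf '%s\n' "$cns" | grep -qxF -- "$host" || printf '%s\n' "$host"
    done
}
```

For example, `missing_hosts glusterfs.ca gluster01 gluster02 gluster03 gluster04 glusterclient01` prints nothing when every host is covered by the bundle.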

None: GlusterFS Encryption (last edited 2021-03-26 21:25:57 by Kristian Kallenberg)